Cisco Systems OL-7426-03 Manual De Usuario
5/26/05
Cisco WLAN Solution Wired Security
OL-7426-03
•
The Cisco WLAN Solution also uses manual and automated Disabling to block access to network
services. In manual Disabling, the operator blocks access using client MAC addresses. In
automated Disabling, which is always active, the Operating System software automatically
blocks access to network services for an operator-defined period of time when a client fails to
authenticate for a fixed number of consecutive attempts. This can be used to deter brute-force
login attacks.
services. In manual Disabling, the operator blocks access using client MAC addresses. In
automated Disabling, which is always active, the Operating System software automatically
blocks access to network services for an operator-defined period of time when a client fails to
authenticate for a fixed number of consecutive attempts. This can be used to deter brute-force
login attacks.
authentication methods to ensure the highest possible security for your business-critical wireless LAN
traffic.
For information about Cisco WLAN Solution wired security, refer to
traffic.
For information about Cisco WLAN Solution wired security, refer to
About Cisco WLAN Solution Wired Security
Cisco WLAN Solution Wired Security
Many traditional Access Point vendors concentrate on security for the Wireless interface similar to that
described in the
described in the
Service Interfaces (
, and
),
Cisco Wireless LAN Controller to AP, and inter-Cisco Wireless LAN Controller communications during
device servicing and
device servicing and
, the Operating System includes built-in security.
Each Cisco Wireless LAN Controller and Cisco 1000 Series lightweight access point is manufactured with
a unique, signed X.509 certificate. This certificate is used to authenticate IPSec tunnels between
devices. These IPSec tunnels ensure secure communications for mobility and device servicing.
Cisco Wireless LAN Controllers and Cisco 1000 Series lightweight access points also use the signed
certificates to verify downloaded code before it is loaded, ensuring that hackers do not download
malicious code into any Cisco Wireless LAN Controller or Cisco 1000 Series lightweight access point.
For information about Cisco WLAN Solution wireless security, refer to
a unique, signed X.509 certificate. This certificate is used to authenticate IPSec tunnels between
devices. These IPSec tunnels ensure secure communications for mobility and device servicing.
Cisco Wireless LAN Controllers and Cisco 1000 Series lightweight access points also use the signed
certificates to verify downloaded code before it is loaded, ensuring that hackers do not download
malicious code into any Cisco Wireless LAN Controller or Cisco 1000 Series lightweight access point.
For information about Cisco WLAN Solution wireless security, refer to
.
Layer 2 and Layer 3 LWAPP Operation
Layer 2 and Layer 3 LWAPP Operation
The LWAPP communications between Cisco Wireless LAN Controller and Cisco 1000 Series lightweight
access points can be conducted at ISO Data Link Layer 2 or Network Layer 3.
access points can be conducted at ISO Data Link Layer 2 or Network Layer 3.
Operational Requirements
Operational Requirements
The requirement for Layer 2 LWAPP communications is that the Cisco Wireless LAN Controller and Cisco
1000 Series lightweight access points must be connected to each other through Layer 2 devices on the
same subnet. This is the default operational mode for the Cisco WLAN Solution. Note that when the
Cisco Wireless LAN Controller and Cisco 1000 Series lightweight access points are on different subnets,
these devices must be operated in Layer 3 mode.
The requirement for Layer 3 LWAPP communications is that the Cisco Wireless LAN Controllers and
Cisco 1000 Series lightweight access points can be connected through Layer 2 devices on the same
subnet, or connected through Layer 3 devices across subnets.
Note that all Cisco Wireless LAN Controllers in an
1000 Series lightweight access points must be connected to each other through Layer 2 devices on the
same subnet. This is the default operational mode for the Cisco WLAN Solution. Note that when the
Cisco Wireless LAN Controller and Cisco 1000 Series lightweight access points are on different subnets,
these devices must be operated in Layer 3 mode.
The requirement for Layer 3 LWAPP communications is that the Cisco Wireless LAN Controllers and
Cisco 1000 Series lightweight access points can be connected through Layer 2 devices on the same
subnet, or connected through Layer 3 devices across subnets.
Note that all Cisco Wireless LAN Controllers in an
must use the
same LWAPP Layer 2 or Layer 3 mode, or you will defeat the Mobility software algorithm.
Configuration Requirements
Configuration Requirements
When you are operating the Cisco WLAN Solution in Layer 2 mode, you must configure a
to control your Layer 2 communications.
When you are operating the Cisco WLAN Solution in Layer 3 mode, you must configure a
to control Cisco 1000
Series lightweight access point-to-Cisco Wireless LAN Controller Layer 3 communications.